Embed Size (px)
Citation preview
17th February 2015
MOBILE APPLICATION
MANAGEMENT WITH
MICROSOFT INTUNE
Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | Twitter: @gerryhampson
1. Introduction
December 2014 was a big month for Microsoft Intune. Additional features were added such as
conditional access, bulk enrolment of iOS devices and lockdown of Windows Phone 8.1 devices
(Kiosk mode). However, for me, the most eagerly awaited features were the introduction of new
mobile application management (MAM) capabilities.
The additional features were described in the Intune Team Blog:
http://blogs.technet.com/b/microsoftintune/archive/2014/12/09/new-mobile-application-management-
capabilities-coming-to-microsoft-intune-this-week.aspx
Managed Browser for Android
PDF Viewer, AV Player, and Image Viewer apps for Android devices
Office mobile apps (Word, Excel, PowerPoint) for iOS devices
Intune App Wrapping Tool for iOS
In Feb 2015 the solution was further improved when new apps were released to further enhance the
MAM experience on Android and iOS devices.
Microsoft Word for Android
Microsoft Excel for Android
Microsoft PowerPoint for Android
Microsoft OneNote for Android
Microsoft Outlook for Android
Microsoft Outlook for iPad
The sections below describe how this technology works (and it works very well). We will see how to
secure the managed browser to only be able to open a single URL (SharePoint site). It will only be
possible to open content using a managed app. We will see how this looks on an Android device.
Create Policies
Add and deploy Intune Managed Browser
Add and deploy PDF Viewer
Install Managed Apps and test MAM functionality
Available Managed Apps
2. Create Policies
Open the Intune console so that we can create the policies to introduce the concept of
containerisation. We will configure a MAM container so that data can only be shared between
managed apps.
We are only interested in Android devices for the moment but we will see that we can also create
policies for iOS devices.
Open Policy > Configuration Policies.
Click to Add a new configuration policy. Browse to the Software Section.
See our choices:
Managed Browser Policy for iOS or Android
Mobile Application Management Policy for iOS or Android.
We'll choose Mobile Application Management Policy for Android this time. Click to "Create a custom
policy". Now see the available options. Note that I have chosen all default settings.
Give the policy a name. It makes sense to choose Yes for "Restrict web content to display in the
Managed Browser" (when this setting is enabled, any links in the app will be opened in the Managed
Browser).
See options for preventing data leakage.
Require a PIN for access to the containerised area.
I like to disable screenshots of the managed area (makes sense if you are securing data).
The Android Mobile Application Management Policy has been created. See that this policy cannot be
deployed directly. It must be associated with the software that it will manage.
OK, now let's create the Managed Browser Policy.
Name the policy and configure the URLs that you want to secure. I only have one.
Policy has been created. See again that this policy must be associated with the software which it will
manage.
3. Deploy Managed Browser
The Intune Managed Browser for Android was added to the Google Store in December 2014.
https://play.google.com/store/apps/details?id=com.microsoft.intune.mam.managedbrowser
Open the Intune console and browse to Software > Managed Software.
Click to "Add" software.
Enter your Intune credentials to open the Microsoft Intune Software Publisher.
Select "Add Software".
Choose "External Link" and enter the URL for the Managed Browser in the Google Store.
Enter the app details and add an icon if you wish.
Click "Upload" to finish.
The Managed Browser is now available in Intune. Now we must deploy the browser.
Select the software and choose "Manage Deployment".
Select the Group to which you want to deploy (pre-created group of users or devices).
Note that "Available" is the only option (Required is greyed out).
Associate with the previously created MAM Policy.
Associate with the Managed Browser Policy.
4. Deploy PDF Viewer
We've added and deployed the Managed Browser. Now we need a managed app that will open the
managed content. Enter the Intune PDF Viewer. This was added to the Google Store in December
2015.
The process to add and deploy the PDF viewer is the same as before.
Add the software.
Upload.
Manage the deployment.
Select the target group.
Must be "Available".
Select the MAM Policy.
5. Test MAM Functionality
OK, we've finished the Intune configuration for now. So what does Mobile Application Management look like on the device (Android)? Let's see. Remember that we deployed the Intune Managed Browser as "Available". Now we must install it. Open the Intune Company Portal on the device.
Browse to Apps to see the Managed Browser and the PDF Viewer. Let's just install the browser for now. Click on the software.
Select "View in Google Play".
This takes us to the location of the software in the Google Store. Click to Install.
“Accept”
Now open the App.
We are prompted to set a PIN for the managed container.
The Managed Browser is installed. Now the fun starts. Launch the browser.
I use a mirroring software to display my Android device on the monitor. Note that the device screen goes dark when the Managed Browser opens. How cool is that? There is no chance to take a screenshot of any data. I've taken photographs of the rest of the process.
This is the Intune Managed Browser for Android. It is based on Chrome and has much of the same functionality you would expect from a browser - see where you can bookmark URLs. Try to access a URL that you have not configured.
Access is blocked.
We can only access the allowed URLs.
This is a list of documents from the allowed SharePoint site. Remember that we have not yet installed any other Managed Apps. Therefore we should not be allowed to open any content.
......and we can't.
Now let’s install the PDF Viewer.
Now I have better success opening my managed PDFs.
6. Available Managed Apps
At the present time the following managed apps are available.
Android Apps
Managed Browser
PDF Viewer
AV Player
Image Viewer
Microsoft Word
Microsoft Excel
Microsoft PowerPoint
Microsoft OneNote
Microsoft Outlook
iOS Apps
Managed Browser (pending Apple Store approval)
Microsoft Word for iPad
Microsoft Excel for iPad
Microsoft PowerPoint for iPad
Microsoft OneNote for iPad
Microsoft Outlook for iPad
Also Microsoft have released an iOS Wrapping tool with which you can enable your own apps to be
managed without any software development.
